git.ipfire.org Git - thirdparty/Python/cpython.git/commit

]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit

projects / thirdparty / Python / cpython.git / commit

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Fri, 25 Feb 2022 11:56:16 +0000 (03:56 -0800)
committer	GitHub <noreply@github.com>
	Fri, 25 Feb 2022 11:56:16 +0000 (03:56 -0800)
commit	4560c7e605887fda3af63f8ce157abf94954d4d2
tree	e910e61126fe537b4c300f30de0f96d5b305b6fa	tree \| snapshot
parent	b7f6e8e13574aaa69d132ea67d7a515bf257a0cb	commit \| diff

bpo-46756: Fix authorization check in urllib.request (GH-31353)

Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and
urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which
allowed to bypass authorization. For example, access to URI "example.org/foobar"
was allowed if the user was authorized for URI "example.org/foo".
(cherry picked from commit e2e72567a1c94c548868f6ee5329363e6036057a)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

Lib/test/test_urllib2.py		diff \| blob \| blame \| history
Lib/urllib/request.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Library/2022-02-15-11-57-53.bpo-46756.AigSPi.rst	[new file with mode: 0644]	blob

Mirror of https://github.com/python/cpython.git

RSS Atom